Internal Audit Department Charter
11:12:00 Internal Audit Department Charter
Chattanooga State Community College is an institution of the Tennessee Board of Regents (TBR) system. The system is governed by the Board of Regents, consisting of 19 members (the Board) as determined by state law. The TBR Audit Committee is a standing committee of the Board. In accordance with the "State of Tennessee Audit Committee Act of 2005," the System-wide Chief Audit Executive reports directly to the Audit Committee and the Board and oversees the internal audit operations. Chattanooga State Community College employs an internal auditor in accordance with TBR policy.
Internal audit is an independent, objective assurance and consulting activity designed to add value and improve Chattanooga State Community College operations. The mission of internal audit is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. Internal audit helps Chattanooga State Community College accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal audit assists Chattanooga State Community College's management i n the effective discharge of their duties and responsibilities by evaluating activities through assurance and consulting services, recommending improvements, and providing other information designed to promote effective controls.
Assurance services involve the internal auditor's objective assessment of evidence to provide an independent opinion or conclusions regarding an entity, operation, function, process, system, or other subject matter. The nature and scope of the assurance engagement are determined by the internal auditor. There are generally three parties involved in assurance services: (1) the person or group directly involved with the entity, operation, function, process, system, or other subject matter-the process owner, (2) the person or group making the assessment-the internal auditor, and (3) the person or group using the assessment -the user.
Consulting services are advisory in nature, and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. Consulting services generally involve two parties: (1) the person or group offering the advice - the internal auditor, and (2) the person or group seeking and receiving the advice the engagement client. When performing consulting services, the internal auditor should maintain objectivity and not assume management responsibility. Chattanooga State Community College's management has the primary responsibility for establishing and maintaining a sufficient system of internal controls.
3. Audit Standards
The internal audit function adheres to mandatory elements of the Institute of Internal Auditors' International Professional Practices Framework, including the Definition of Internal Auditing, the Code of Ethics, the International Standards for the Professional Practice of Internal Auditing (Standards), and the Core Principles for the Professional Practice of Internal Auditing. These mandatory elements constitute principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit activity's performance.
4. Authority and Scope
Internal audit's review of operations may include the examination and evaluation of the effectiveness of all aspects of institutional operations at (name of institution.) In the course of its work, internal audit has complete and direct access to all (name of institution) books, electronic and manual records, physical properties, and personnel information relative to the performance of duties and responsibilities. All documents and information given to internal audit during their work will be handled in the same prudent manner that (name of institution) expects of the employees normally accountable for them.
5. Organizational Status/Reporting Structure
In accordance with T.C.A. 49-14-102 and TBR Policy 4-01-05-00, Internal Audit, the System wide Chief Audit Executive reports directly to the Audit Committee and the TBR. (Name of institution)'s internal auditor reports to the President with audit reporting responsibility to the Audit Committee and the Board through the System-wide Chief Audit Executive.
The internal auditing services provided by the internal audit office are reported directly to the President and the TBR Audit Committee. All audit work is summarized in timely written reports distributed to management to ensure that the results are given due consideration. In addition to management, reports or summaries are distributed to members of the Audit Committee and to the State of Tennessee, Comptroller's Office. Management is provided a discussion draft of the audit report prior to the report being issued. Internal audit is responsible for following up timely on audit findings to ascertain the status of management's corrective actions.
6. Independence and Objectivity
Internal audit has neither direct responsibility for, nor authority over, any of the actlvttles, functions, or tasks it reviews, nor shall their review relieve others of their responsibilities. The internal auditors must maintain a high degree of independence and not be assigned duties or engage in any operations or decision making in any activities that they would normally be expected to review or evaluate as part of the normal audit function.
7. Responsibility and Role
TBR Policy 04:01:05:00, Internal Audit, states the role of internal audit is to assist members of the organization in the effective discharge of their responsibilities. Meaningful internal auditing requires cooperation among internal audit, (name of institution)'s administration, and the department under audit. ln fulfilling their responsibilities, internal audit will:
• Comply with auditing standards established by the Institute of Internal Auditors to ensure the effectiveness and quality of the internal audit effort.
• Develop and implement audit plans and programs after consultation with the President that respond to both risk and cost effectiveness criteria.
• Review the reliability and integrity of information, and the information technology processes that produce that information.
• Verify compliance with applicable policies, guidelines, laws, and regulations.
• Suggest policies and procedures or improvements to existing policies and procedures where appropriate.
• Provide audit reports that identify internal control tssues and make cost-effective recommendations to strengthen control.
• Facilitate the resolution of audit issues with administrators who have the most direct involvement and accountability.
• Review institutional operations (financial and other) on an advisory basis to inform and assist management in the successful execution of their duties.
• Assist with audits or perform certain agreed upon procedures for external parties. External parties include but are not limited to audit offices of federal and state governments and related agencies.
• Review management's risk assessment process and advise management on the reasonableness and propriety of the assessment.
• Promote and evaluate fraud prevention and identification programs and investigate allegations involving fraud, waste, and abuse.
• Demonstrate and promote appropriate ethics and values within the organization.
• Communicate activities and information among the board, internal auditors, external auditors and the administration.
8. Quality Assurance and Improvement
Internal audit will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. The program will include an evaluation of the internal audit's conformance with the Standards and an evaluation of whether the internal auditors apply the Institute of Internal Auditors' Code of Ethics, Definition of Internal Auditing, and the Core Principles for the Professional Practices of Internal Auditing. The program will include both internal and external assessments. The System-wide Chief Audit Executive will communicate the results of the assessments to the Audit Committee.
9. Periodic Review of Internal Audit Charter
This charter will be periodically assessed by the Chief Audit Executive to determine whether the purpose, authority, and responsibilities defined in this charter are adequate to enable the internal auditing activity to accomplish its objectives. The results of the periodic assessment will be communicated to senior management and the Audit Committee.
Dr. Rebecca Ashford April 19, 2018
President, Chattanooga State Community College Date
Kimberly Clingan April 19, 2018
Auditor, Chattanooga State Community College Date